Careers > Privacy Notice

Careers > Privacy Notice

Privacy Notice

Privacy Notice

This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).

We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.

Who is responsible for the processing of your personal data?

When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.

Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.

In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).

What types of personal data do we collect and process?

When you submit your application for a job in our website, we ask you to provide the following categories of personal data:

  • Contact information (Name, address, email address, phone number)
  • Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)

Additionally, you might want to submit further information such as the following on a voluntarily basis:

  • Education and training (University degrees and certificates obtained, academic results)
  • Personal information (Date of birth, age, nationality, gender, languages spoken)

The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.

Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.

Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:

  • Make sure all the submitted information is correct (“do not lie”)
  • Make sure you are entitled to share the submitted information with us (“check before you upload”)

What purposes do we process your personal data for?

The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.

Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.

In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.

We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.

What is the legal basis for the processing of this personal data?

The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.

In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

Who will be the recipients of your personal data?

If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.

Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.

Will the personal data be transferred to third countries?

While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.

In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.

How long do we keep your personal data for?

As a general rule, all information related to a single application for a job vacancy will be stored for 6 months; after this period all the data you entered will be deleted automatically.

If your application is successful, the data you have submitted will be stored in SAP SuccessFactors. If you do not delete your profile, your personal data will remain stored for up to 24 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.

Setting of cookies

What are cookies?

Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.

What cookies do we use?

We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.

The following overview contains a detailed description of the functional cookies we use:

Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.

Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.

Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.

Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile. The cookie is required and can't be disabled.
Lifespan: Expires when the browser session ends.

Cookie: CareerSiteCompanyId

Purpose and content: Used by Akamai to send the request to the correct data centre. The cookie is required. If disabled, users can no longer access the site.

Lifespan: Expires when the browser session ends.

 

"Job Alert" notification

You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.

If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.

Matomo 

This website uses the web analysis software of Matomo (www.matomo.org). This software enables us to collect and store data for statistical analysis of user behavior for purposes of optimization and marketing. For example, we can see in which sequence certain media content is selected, which webpage a user accesses after using the internal search function and how often a specific device is used to visit our website. Pseudonymous user profiles can be created and evaluated from these data for the same purpose.

We have configured the tool in a way that your IP address is anonymized. We do not create a User ID which would allow us to recognize a user across several devices. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the website visitor and is not combined with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of these data on your visit, you can object to their storage and use at any time.

The data collected with Matomo technology (including your anonymized IP address) are processed entirely on our servers. The data is not shared with third parties and neither do we receive information on our visitors from third parties.

These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR. The data will be stored on your device until you choose to delete the cookie or until the cookie expires.

How do we secure your personal data?

We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.

These measures include the following:

  • An username and password are required in order to access our systems and databases.
  • Authentication and authorisation are based on roles.
  • Service providers sign confidentiality and data protection clauses.
  • Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.

For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.

External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.

SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.

External services or content on our Website

We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.

For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:

For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

Vimeo (videos)

This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.

What are your data privacy rights?

Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.

Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:

  • right of information about your personal data stored by us;
  • right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
  • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
  • right to data portability;
  • right to file a complaint with a data protection authority;
  • Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.

You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.

Requests and complaints

If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu

Data Protection Supervisory Authority

You may address questions and complaints also to the Data Protection Supervisory Authority in charge:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Telefon: 0211/38424-0
Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

Amendment of Privacy Statement

We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

This Data Privacy Statement was last updated on 5 February 2021.

This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).

We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.

Who is responsible for the processing of your personal data?

When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.

Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.

In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).

What types of personal data do we collect and process?

When you submit your application for a job in our website, we ask you to provide the following categories of personal data:

  • Contact information (Name, address, email address, phone number)
  • Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)

Additionally, you might want to submit further information such as the following on a voluntarily basis:

  • Education and training (University degrees and certificates obtained, academic results)
  • Personal information (Date of birth, age, nationality, gender, languages spoken)

The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.

Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.

Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:

  • Make sure all the submitted information is correct (“do not lie”)
  • Make sure you are entitled to share the submitted information with us (“check before you upload”)

What purposes do we process your personal data for?

The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.

Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.

In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.

We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.

What is the legal basis for the processing of this personal data?

The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.

In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

Who will be the recipients of your personal data?

If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.

Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.

Will the personal data be transferred to third countries?

While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.

In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.

How long do we keep your personal data for?

As a general rule, all information related to a single application for a job vacancy will be stored for 6 months; after this period all the data you entered will be deleted automatically.

If your application is successful, the data you have submitted will be stored in SAP SuccessFactors. If you do not delete your profile, your personal data will remain stored for up to 24 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.

Setting of cookies

What are cookies?

Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.

What cookies do we use?

We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.

The following overview contains a detailed description of the functional cookies we use:

Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.

Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.

Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.

Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile.
Lifespan: Expires when the browser session ends.

Cookie: CareerSiteCompanyId
Purpose and content: Used by Akamai to send the request to the correct data center.
The cookie is required. If disabled, users can no longer access the site.
Lifespan: Expires when the browser session ends.

"Job Alert" notification

You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.

If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.

Matomo 

This website uses the web analysis software of Matomo (www.matomo.org). This software enables us to collect and store data for statistical analysis of user behavior for purposes of optimization and marketing. For example, we can see in which sequence certain media content is selected, which webpage a user accesses after using the internal search function and how often a specific device is used to visit our website. Pseudonymous user profiles can be created and evaluated from these data for the same purpose.

We have configured the tool in a way that your IP address is anonymized. We do not create a User ID which would allow us to recognize a user across several devices. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the website visitor and is not combined with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of these data on your visit, you can object to their storage and use at any time.

The data collected with Matomo technology (including your anonymized IP address) are processed entirely on our servers. The data is not shared with third parties and neither do we receive information on our visitors from third parties.

These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR. The data will be stored on your device until you choose to delete the cookie or until the cookie expires.

How do we secure your personal data?

We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.

These measures include the following:

  • An username and password are required in order to access our systems and databases.
  • Authentication and authorisation are based on roles.
  • Service providers sign confidentiality and data protection clauses.
  • Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.

For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.

External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.

SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.

External services or content on our Website

We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.

For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:

For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

Vimeo (videos)

This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.

What are your data privacy rights?

Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.

Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:

  • right of information about your personal data stored by us;
  • right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
  • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
  • right to data portability;
  • right to file a complaint with a data protection authority;
  • Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.

You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.

Requests and complaints

If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu

Data Protection Supervisory Authority

You may address questions and complaints also to the Data Protection Supervisory Authority in charge:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Telefon: 0211/38424-0
Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

Amendment of Privacy Statement

We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

This Data Privacy Statement was last updated on 5 February 2021.

This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).

We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.

Who is responsible for the processing of your personal data?

When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.

Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.

In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).

What types of personal data do we collect and process?

When you submit your application for a job in our website, we ask you to provide the following categories of personal data:

  • Contact information (Name, address, email address, phone number)
  • Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)

Additionally, you might want to submit further information such as the following on a voluntarily basis:

  • Education and training (University degrees and certificates obtained, academic results)
  • Personal information (Date of birth, age, nationality, gender, languages spoken)

The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.

Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.

Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:

  • Make sure all the submitted information is correct (“do not lie”)
  • Make sure you are entitled to share the submitted information with us (“check before you upload”)

What purposes do we process your personal data for?

The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.

Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.

In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.

We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.

What is the legal basis for the processing of this personal data?

The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.

In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

Who will be the recipients of your personal data?

If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.

Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.

Will the personal data be transferred to third countries?

While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.

In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.

How long do we keep your personal data for?

As a general rule, all information related to a single application for a job vacancy will be stored for 6 months; after this period all the data you entered will be deleted automatically.

If your application is successful, the data you have submitted will be stored in SAP SuccessFactors. If you do not delete your profile, your personal data will remain stored for up to 24 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.

Setting of cookies

What are cookies?

Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.

What cookies do we use?

We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.

The following overview contains a detailed description of the functional cookies we use:

Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.

Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.

Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.

Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile.
Lifespan: Expires when the browser session ends.

Cookie: CareerSiteCompanyId
Purpose and content: Used by Akamai to send the request to the correct data center.
The cookie is required. If disabled, users can no longer access the site.
Lifespan: Expires when the browser session ends.

"Job Alert" notification

You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.

If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.

Matomo 

This website uses the web analysis software of Matomo (www.matomo.org). This software enables us to collect and store data for statistical analysis of user behavior for purposes of optimization and marketing. For example, we can see in which sequence certain media content is selected, which webpage a user accesses after using the internal search function and how often a specific device is used to visit our website. Pseudonymous user profiles can be created and evaluated from these data for the same purpose.

We have configured the tool in a way that your IP address is anonymized. We do not create a User ID which would allow us to recognize a user across several devices. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the website visitor and is not combined with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of these data on your visit, you can object to their storage and use at any time.

The data collected with Matomo technology (including your anonymized IP address) are processed entirely on our servers. The data is not shared with third parties and neither do we receive information on our visitors from third parties.

These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR. The data will be stored on your device until you choose to delete the cookie or until the cookie expires.

How do we secure your personal data?

We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.

These measures include the following:

  • An username and password are required in order to access our systems and databases.
  • Authentication and authorisation are based on roles.
  • Service providers sign confidentiality and data protection clauses.
  • Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.

For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.

External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.

SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.

External services or content on our Website

We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.

For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:

For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.

Vimeo (videos)

This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.

What are your data privacy rights?

Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.

Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:

  • right of information about your personal data stored by us;
  • right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
  • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
  • right to data portability;
  • right to file a complaint with a data protection authority;
  • Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.

You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.

Requests and complaints

If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu

Data Protection Supervisory Authority

You may address questions and complaints also to the Data Protection Supervisory Authority in charge:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Telefon: 0211/38424-0
Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

Amendment of Privacy Statement

We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

This Data Privacy Statement was last updated on 5 February 2021.